Hello Mark,
As we understand, you mean NTLM being used for communication between Adaxes service and Web interface. If that is correct, you can force using Kerberos. To do so, perform the steps below on each computer where Adaxes Web interface is installed:
- Navigate to the folder where Adaxes Web interface is installed, which is C:\Program Files\Softerra\Adaxes 3\Web Interface by default.
- Open the App folder.
- Open the Softerra.Adaxes.Adsi.dll.config file with a text editor.
- Locate the application/channels/channel XML element.
- Set the servicePrincipalName parameter to Adaxes/<service_FQDN>, where <service_FQDN> is the fully qualified domain name of any computer where your Adaxes service is installed.

      <application>
        <channels>
          <channel ref="tcp" priority="2" secure="true" servicePrincipalName="Adaxes/myadaxesservice.company.com">
            ...
          </channel>
        </channels>
      </application>

  - If you have multiple instances of Adaxes Web interface, specify the same computer name for each Web interface.
  - If you have multiple instances of Adaxes service sharing common configuration in the same AD site, they should all have the same Adaxes service account.
- Save the file.
Also, you need to register the service principal name for your Adaxes service:
- On any computer where Adaxes service is installed, launch the command prompt.
- Type the following command and press Enter:

      setspn -U -A Adaxes/<service_FQDN> <DOMAIN\username>

In the command:
- <service_FQDN> - The fully qualified domain name of the computer where Adaxes service is installed.
- <DOMAIN\username> - The username of the Adaxes service account.
If you have multiple instances of Adaxes service sharing common configuration:
- All instances of Adaxes service must use the same service account.
- You need to register the service principal name only for one instance of Adaxes service in the configuration set.
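
Added example, not part of the original reply: a PowerShell check that reads the servicePrincipalName from the Web interface config edited above and confirms with setspn -Q that it is registered on exactly one account. It assumes the default install path, a config file without an XML namespace, and English-language setspn output.

```powershell
# Added example. Path assumes the default install location and the App folder from the steps above.
$ConfigPath = 'C:\Program Files\Softerra\Adaxes 3\Web Interface\App\Softerra.Adaxes.Adsi.dll.config'

if (-not (Test-Path -LiteralPath $ConfigPath)) {
    throw "Config file not found: $ConfigPath"
}
[xml]$config = Get-Content -LiteralPath $ConfigPath -Raw

# Assumption: the file declares no XML namespace, so a plain XPath matches.
$channels = $config.SelectNodes('//application/channels/channel')
if ($channels.Count -eq 0) {
    throw 'No application/channels/channel element found.'
}

foreach ($channel in $channels) {
    $ref = $channel.GetAttribute('ref')
    $spn = $channel.GetAttribute('servicePrincipalName')

    if ([string]::IsNullOrWhiteSpace($spn)) {
        Write-Warning "Channel '$ref': servicePrincipalName is not set."
        continue
    }
    # The steps above call for Adaxes/<service_FQDN>; flag short names and typos.
    if ($spn -notmatch '^Adaxes/[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$') {
        Write-Warning "Channel '$ref': '$spn' is not in the form Adaxes/<service_FQDN>."
        continue
    }

    # setspn -Q searches the domain for the SPN and lists the owning account(s).
    $output = (& setspn.exe -Q $spn 2>&1 | Out-String)
    # Assumption: English-language setspn output.
    if ($output -notmatch 'Existing SPN found') {
        Write-Warning "Channel '$ref': '$spn' is not registered. Register it with setspn as described above."
        continue
    }
    # Each owning object is printed as a line starting with CN=.
    $owners = @($output -split "`r?`n" | Where-Object { $_ -match '^\s*CN=' })
    if ($owners.Count -gt 1) {
        # Kerberos ticket requests fail when the same SPN is registered on several accounts.
        Write-Warning "Channel '$ref': '$spn' is registered on $($owners.Count) accounts: $($owners -join '; ')"
    } else {
        Write-Output "Channel '$ref': '$spn' is registered to $($owners -join '')"
    }
}
```

Run it on each computer where the Web interface is installed; a single owner that matches the Adaxes service account is the expected result.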